gpg: add the --delete-secret-subkeys command
AbandonedPublic

Authored by matheusmoreira on May 4 2019, 10:17 PM.

Details

Summary
  • g10/gpg.c (cmd_and_opt_values): Add delete-secret-subkeys command.

(opts): Add delete-secret-subkeys argparse option.
(main): Parse and invoke the delete-secret-subkeys command.

  • g10/main.h (delete_keys): Add subkeys_only parameter.
  • g10/delkey.c (delete_keys): Likewise.

(do_delete_key): Skip primary keys if subkeys_only is true.

  • po/pt.po: Translate delete-secret-subkeys command description.
  • doc/gpg.texi: Document the delete-secret-subkeys command.

The new delete-secret-subkeys command is a safer variant of the existing
delete-secret-keys command. It skips primary keys during the deletion
process, preventing accidental deletion of the user's primary key
even if an exact key description for the primary key is provided.

Signed-off-by: Matheus Afonso Martins Moreira <matheus.a.m.moreira@gmail.com>

Test Plan

Given a temporary gpg home with one primary and multiple subordinate keys:

$ agent/gpg-agent --daemon --homedir $XDG_RUNTIME_DIR/gnupg-git

$ g10/gpg --homedir $XDG_RUNTIME_DIR/gnupg-git --batch --passphrase '' --default-new-key-algo rsa1024/cert --quick-gen-key test
$ PRIMARY=$(g10/gpg --homedir $XDG_RUNTIME_DIR/gnupg-git -K --with-colons | awk -F: '/fpr/ { print $10 }' | head -1)

$ g10/gpg --homedir $XDG_RUNTIME_DIR/gnupg-git --batch --passphrase '' --quick-add-key $PRIMARY rsa1024 sign
$ SIGN=$(g10/gpg --homedir $XDG_RUNTIME_DIR/gnupg-git -K --with-subkey-fingerprint --with-colons | awk -F : '/fpr/ { print $10 }' | tail -1)

$ g10/gpg --homedir $XDG_RUNTIME_DIR/gnupg-git --batch --passphrase '' --quick-add-key $PRIMARY rsa1024 encr
$ g10/gpg --homedir $XDG_RUNTIME_DIR/gnupg-git --batch --passphrase '' --quick-add-key $PRIMARY rsa1024 auth
  1. --delete-secret-subkeys $PRIMARY should delete all subkeys and leave the primary key intact.
  2. --delete-secret-subkeys $PRIMARY! should not delete any keys.
  3. --delete-secret-subkeys $SIGN should delete all subkeys and leave the primary key intact.
  4. --delete-secret-subkeys $SIGN! should delete only the signing subkey and leave the primary key and other subkeys intact.

Diff Detail

Repository
rG GnuPG
Lint
Lint Skipped
Unit
Unit Tests Skipped

Rebased on top of master: 4c7d63cd5b02

matheusmoreira retitled this revision from gpg: introduce the --delete-secret-subkeys command to gpg: add the --delete-secret-subkeys command.
matheusmoreira edited the summary of this revision. (Show Details)
matheusmoreira edited the summary of this revision. (Show Details)

Add documentation.

matheusmoreira edited the summary of this revision. (Show Details)May 29 2019, 10:09 AM
matheusmoreira abandoned this revision.Jun 6 2019, 3:24 AM

New commands can't be introduced.